One of the prevailing themes at the recent New York Cloud Expo was the concern over security in the cloud. Steve Orin, Sr. Security Architect & Principal Engineer for the Cross Platform Technology group at Intel, claimed that over half of CISOs (Chief information security officer) have listed security as their greatest concern about cloud technology. Jill Tummler Singer, current CIO for the National Reconnaissance Office and former Deputy CIO for the Central Intelligence Agency, also emphasized the anxiety about security in the cloud that many businesses are feeling during her talk on Big Data.
In my opinion, some of this fear is driven by overall demand for security. AMI’s research on IT and telecom spending shows that the growth in spending on security will only be outpaced by the growth in spending on computing and on telecom equipment. Furthermore, our surveys show that over half of SMBs worldwide feel that enhancing security, improving bandwidth, and deploying back-up solutions are the most important aspects of ICT.
While demand for security is high in general, I will admit that recent events have highlighted concerns over cloud specifically. The attacks on Dropbox, Sony, LinkedIn, and others have definitely caused some concern over the cloud platforms. Additionally, Microsoft’s recent paper on hyperjacking (viruses installed on the hardware or the BIOS so that the operating system can’t detect it) brought potential exploits of virtualization to the surface.
So is the cloud fundamentally less secure than traditional IT? No, and in fact it may become more secure.
Later on in the session, Mr. Orin talked about how Intel envisions a system built from the ground up. It would have hardware that can report on its verification and be linked to clients who are verified to have permission to access the system. He believes that this infrastructure could be built to be complaint to a specific regulation. Once the infastructure has been built, it would be integrated with standard cloud storage so that only necessary information would have an extra level of security. On another note, Jill Tummler Singer thought that the bring your own device (BYOD) culture in business would soon become secure and pointed out that the FBI found the process to be “efficient”.
While these solutions will build a more secure cloud, it shouldn’t be thought that cloud based security solutions are only a thing of the future. AMI’s global surveys found that virus protection, spam filtering, and other security solutions have the highest usage of either hosted or online ICT solutions. Furthermore, we found that security solutions, data storage, and virtual servers, generated the highest interest among SMBs who are not currently using a hosted solution.
While pooling secure data together does put more information at risk in the event of an attack, I see no reason to develop security on-premise instead of developing it on the cloud. IT is always going to have aspects that are more secure and those that are less secure. The question is whether to develop those security solutions in-house or move to a cloud based approach. The former method forces each company to reinvent the wheel and manage security, a function for which it receives no direct financial incentive, along with its day-to-day operations. The latter option pools the problems inherent with security and allows for a profit-incentivized, compliant system that can be monitored, inspected and applied across businesses.
The choice is clear: security, like most other applications, will be transitioning to the cloud.
-Clayton Dale Miller, Associate